
Summary
This detection rule targets open redirect vulnerabilities associated with the domain sciencebuddies.org. Open redirects can be exploited by attackers to send victims to malicious sites behind a link that appears legitimate. The rule analyzes inbound messages for links pointing to sciencebuddies.org, checking whether the URL path contains '/Handlers/QrCode.aspx' and whether the query string includes a 'u=' parameter. It also checks that the redirect target is not a safe destination: links whose 'u=' value points to any sciencebuddies.org subdomain are excluded. To reduce false positives, the rule does not trigger for emails sent from highly trusted domains unless those domains fail DMARC authentication checks. This approach suppresses alerts from trusted sources while still flagging phishing attempts and malware delivery that rely on open redirects. The severity is marked as medium because of the potential for credential phishing and delivery of malware via trusted-looking links.
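As an added illustration of the matching logic described above (not the rule's own code), the following Python check applies the path, 'u=' parameter, subdomain exclusion and trusted-sender/DMARC conditions to constructed sample links. The trusted-sender list, the sender/DMARC inputs and the sample URLs are assumptions made for this example.

```python
from urllib.parse import urlparse, parse_qs

# Hypothetical stand-in for a platform's "highly trusted sender domains" list
# (constructed for this example; a real rule would use its own list).
HIGH_TRUST_SENDER_DOMAINS = {"example-partner.com"}

TARGET_DOMAIN = "sciencebuddies.org"
REDIRECT_PATH = "/handlers/qrcode.aspx"   # compared case-insensitively


def _is_domain_or_subdomain(host, domain):
    """True if host is the domain itself or any subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def is_open_redirect_link(url):
    """True if the URL matches the open-redirect pattern the rule looks for."""
    parsed = urlparse(url)
    if not _is_domain_or_subdomain(parsed.hostname, TARGET_DOMAIN):
        return False
    if REDIRECT_PATH not in parsed.path.lower():
        return False
    targets = parse_qs(parsed.query).get("u")   # parse_qs URL-decodes the value
    if not targets:
        return False
    for target in targets:
        # A scheme-less value such as "evil.example/x" has no hostname until it
        # is parsed as a network-path reference; a bare relative path stays None.
        target_host = urlparse(target).hostname or urlparse("//" + target).hostname
        # Only a redirect that leaves sciencebuddies.org counts as a match.
        if target_host and not _is_domain_or_subdomain(target_host, TARGET_DOMAIN):
            return True
    return False


def rule_matches(sender_domain, dmarc_pass, links):
    """Apply the trusted-sender exemption, then test every link in the message."""
    trusted = sender_domain.lower() in HIGH_TRUST_SENDER_DOMAINS
    if trusted and dmarc_pass:
        return False          # trusted sender that also passes DMARC: no alert
    return any(is_open_redirect_link(link) for link in links)
```

The subdomain exclusion and the DMARC exemption are the two conditions most likely to be dropped in a naive reimplementation, and the sample inputs above exercise both.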
Categories
- Web
- Endpoint
- Cloud
- Application
- Identity Management
Data Sources
- User Account
- Web Credential
- Network Traffic
- Application Log
- Process
Created: 2025-02-04